IE zero-day flaw leaks out; Exploit code published

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code. The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.

Another case that shows how difficult it is for reasonable and informative disclosure, yet not giving away the attack like this.

On a side note, am looking forward to trying this out from Metasploit… 😀